Who's Behind the Conti Ransomware Gang? - Part Two - 2024-01-03 16:35


FOREIGN GOVERNMENT-LINKED MALICIOUS CYBER ACTIVITY 
TARGETING U.S. CRITICAL INFRASTRUCTURE 


If you have information that ties hacking groups such as Conti, TrickBot, Wizard Spider; the hackers known as “Tramp,” “Dandis,” “Professor,” “Reshaev,” or “Target”; or any malware or ransomware to a foreign government targeting U.S. critical infrastructure, you may be eligible for a reward.

IS THIS THE CONTI ASSOCIATE KNOWN AS "TARGET"?

Aliases shown on the poster: “Professor,” “Reshaev,” “Tramp,” “Dandis”

Send your information to RFJ via our Tor-based tip line below.
Tor Link:he5dybnt7sr6cm32xt7 7pazmtm65flqy6irivtflrugfcS5ep 7eiodiad.onionjOK 
U.S. Department of State, Diplomatic Security Service


Rewards for Justice 


In a series of blog posts I exposed the "The Top Management of the Conti Ransomware
Group's Fashion and Charity Brands" including "Who's Behind the Conti Ransomware
Gang" where I also offered an in-depth peek inside "The Conti Ransomware Gang and
the Trickbot Cybercrime Enterprise XMPP's and Jabber Account IDs" where I also
successfully applied for the Rewards for Justice program "Applying for the Rewards for
Justice on the Conti Ransomware Gang Program" where I also published never-published
or discussed before "New Images Courtesy of the Conti Ransomware Gang" including my
Rewards for Justice Conti Ransomware Gang research compilation "Dancho Danchev's
Rewards for Justice Conti Ransomware Gang Research and Analysis Compilation" which
you can grab from here including my first Twitter Space on how I tracked down the Conti
Ransomware Gang "My First Twitter Space on How I Tracked Down The Conti
Ransomware Gang Using Real-Time OSINT" including to expose "Exposing Bentley and
Liam From The Conti/Trickbot Malware Gang" including to publish never-published or
discussed before Conti Ransomware Gang videos and images courtesy of the "The Conti
Ransomware Gang" including to publish an additional set of never-published or released
videos courtesy of the Conti Ransomware Gang "The Conti Ransomware Gang - Videos -
Part Two" including to elaborate on some of my research in my "Rewards for Justice -
Dancho Danchev" including to publish an additional set of "The Conti Ransomware
Gang's OSINT Artifacts" including to also provide "A Compilation of Conti Ransomware
Gang BitCoin Transaction IDs - An OSINT Analysis" including "A Compilation of Known
Conti Ransomware Malicious Domains - An OSINT Analysis" including "A Compilation of
Known Conti Ransomware Themed Malicious and Fraudulent MD5s - An OSINT Analysis"
including "Exposing the Fashion Brands of the Conti Ransomware Group" including
"Exposing the Trickbot Malware Gang - An OSINT Analysis" including "Exposing the Conti
Ransomware Gang - An OSINT Analysis" including "A Compilation of Known Conti
Ransomware Gang Malicious Executable Download Locations - An OSINT Analysis"
including "Exposing the Conti Ransomware Gang - An OSINT Analysis" including
"Rewards for Justice - Dancho Danchev" including "How to Take Down the Conti
Ransomware Gang - A Practical And Relevant Case Study on Taking Down Cybercriminal
Infrastructure - A Practical Example".


In this post I'll do a last round of elaboration into all the research efforts I've been 
putting into identifying core members of the Conti Ransomware Gang using their 
recently leaked internal communication publicly including to use exclusively OSINT for 
the purpose of successfully identifying key and core members of what appears to be a 
diversified cybercrime gang that has a pretty interesting way of distributing their 
fraudulently obtained income in the context of sponsoring and participating in fashion 
shows and other educational and music sponsorship efforts and campaigns on the 
Russian market supposedly using the stolen income that they've obtained using their 
ransomware tactics and techniques. 

What I came up with was the following: a private teaching school, a rap and hip-hop music
label where we got some of the core Conti Ransomware Gang members doing their
advertising creative and brochures next to doing their hardcore "upcoming" ransomware
brand releases, including several fashion and clothing brands where we once again have
core members of the Conti Ransomware Gang doing their advertising and brochure
creative.

The primary goal behind this post and analysis would be to elaborate as to the diverse 
nature of the members of the Conti Ransomware Gang in the context of having them 
involved in fashion music and teaching schools business and charitable initiatives in 
Russia supposedly using the stolen income which they obtained using their ransomware 
operation online. 


It's also worth pointing out that this entire analysis including the OSINT analysis and the 
OSINT research and enrichment analysis is entirely based on the Conti Ransomware 
Gang's internal leaked communication and is done exclusively by me with some quite 
positive and confirmed results already. 


Sample Conti Ransomware Gang image obtained using public sources based on the 
gang's internal leaked communication for a cover of a Russian Rap and Hip-Hop Artist 
and his album "Personality" apparently produced by the Conti Ransomware Gang's team 
members responsible for the advertising creative development for the gang 


Based on my research and analysis the photo obtained using public sources based on
the gang's internal leaked communication for a cover of a Russian Rap and Hip-Hop
Artist and his album "Personality" belongs to the Russian rap and hip-hop artist known
as Linkvill where we have members of the Conti Ransomware Gang producing their
logos and advertising creative part of their portfolio.

Personally identifiable information for Evgeny Samsonov also known as 
Linkvill: 


hxxp://vk.com/eugene _linkvill 

hxxp://vk.com/artist/linkvill 

hxxp://vk.com/linkvill_ poetry 
hxxp://www.youtube.com/channel/UC9fFVU7UVgxBaCRz7RJD7DeQ 

Sample personal photos of Evgeny Samsonov also known as Linkvill: 




It also appears that Evgeny Samsonov also known as Linkvill whose album cover 
"Personality" was obtained using public sources and appears to be produced by 
members of the Conti Ransomware Gang who are responsible for creating the gang's 
advertising creative is also part of the Plastika Sound Boutique Ekaterinburg where we 
also have a second image courtesy of members of the Conti Ransomware Gang 
mentioning the Plastika music label. 


Sample personally identifiable information for Plastika Sound Boutique 
Ekaterinburg: 


hxxp://vk.com/plastika.space 
hxxp://plastika.space 
Address: Kirova Street, 9, Ekaterinburg


Part of Plastika Sound Boutique Ekaterinburg are: 
- Nikita Zharinov - born on 10th of January 2002 


- Ice Costa - hxxp://vk.com/icecosta 
- Alexey Plyushkin - born on 11th of April 1994 


It gets even more interesting when we research a second image courtesy of the Conti 
Ransomware Gang which was once again obtained from their recently leaked internal 
communication. 




Sample Conti Ransomware Gang image obtained using public sources based on the 
gang's internal leaked communication for a cover of a Russian Rap and Hip-Hop Artist 
Ice Costa apparently produced by the Conti Ransomware Gang's team members 
responsible for the advertising creative development for the gang 


The image appears to be a second album cover once again produced by team members 
of the Conti Ransomware Gang responsible for advertising logos and advertising 
creative development this time by Ice Costa who is also a Russian rap and hip-hop artist 
who is also part of the Plastika Sound Boutique Ekaterinburg. 

Sample photos of Ice Costa 
(hxxp://www.youtube.com/channel/UCJQmq6UIEYIDnrNSOzZC6dQ): 




The original Ice Costa album cover which is greatly similar to the one produced by 
members of the Conti Ransomware Gang obtained using OSINT 




Sample photos of Nikita Zharinov who is among the original founders of the 
Plastika Sound Boutique Ekaterinburg: 


Sample photos of Alexey Plyushkin who is among the original founders of the 
Plastika Sound Boutique Ekaterinburg: 


[Screenshot: ICECOSTA post dated 19 Mar 2021 at 4:02 pm, with "REC PLASTIKA" and "COVER" credits and a "Parental Advisory: Explicit Content" label]


It appears that based on my OSINT analysis Alexey Plyushkin is the author of the original 
cover for Ice Costa's album which can be also found in Conti Ransomware Gang's 
internal leaked communication which means that he supposedly knows the actual team 
member of the Conti Ransomware gang that produced the advertising creative who also 
produced Evgeny Samsonov's (Linkvill) album cover. 

Next we got three related images once again courtesy of the Conti Ransomware Gang's 
internal leaked communication this time for "Global School" teaching enterprise and for 
the Youla Land dance lessons school in Russia. 


Sample photos include: 


[Images: a "Global School" language school network award certificate template ("This award is proudly presented to ... for winning the Best Lesson competition at Global School") and a poster for a YOULA dance school concert]


Sample personally identifiable information: 
hxxp://school-global.ru 

hxxp://youladance.ru 

Sample photos: 
Next we've got yet another photo of team members of the Conti Ransomware Gang
once again based on their internal leaked communication mentioning Morenehost which
is a well-known bulletproof hosting provider.




Sample personally identifiable information:
Phone: +373 775 96666
E-mail: info@morene.host
Skype: morene.host
Jabber: morene@jabber.morene.host
ICQ: 700812649 / 702647156
Telegram: @hostmorene
Viber: +373 775 96666
WhatsApp: +373 775 96666
Online chat: https://morene.host


Profiling Anatoliy Sergeyevich Kovalev from GRU's Unit 74455 "NotPetya" 
Malware Gang - 2024-01-07 01:37 


An image is worth a thousand words. And so is a link including my research here. 


Related links: 


hxxp://vk.com/id207493137 
hxxp://vk.com/id221867060 
hxxp://vk.com/id702871912 


CTpaHa NpomuBaHna: Poccua 

Topo: Cy3semka 

Bpicwee O6pasoBaHne: 

By3: BY um. Netposckoro , 1989 

@akyNbTet: Ovsnko-mMaTemaTuyecknii dakynbTeT (ECTECTBEHHO-Hay4HbIi UHCTUTYT) 
Cpeguee o6pasoBanHne: 

Luikona: Wkona N° 2 , 1984 Cy3emKa 

Tekyljan QeaTenbHoctb: BY um. NeTposckoro 


Also ana s Koobface Botnet Master KrotReal? - Part Three - 2024-01-07 


An image is worth a thousand words. And so is a link and my analysis on the Koobface 
botnet here. 
The Deepest Gipsy King of Them All? - Yavor Kolev - A Dipshit Courtesy of
Republic of Bulgaria on the "International" - "I Have Never Left the Country"
Law Enforcement "Scene" - 2024-01-10 04:35


Can you recognize apologies spot a dipship when you see one? Can the recognize the 
degradation between his teeth or what would some other dipshits courtesy of him that 
don't exist would consider something that doesn't exist to begin with the very presence 
of a human being his teeth and relevant face sculpture to begin with? 

This is not poetry. This is the deepest ugliest and most disgusting presence that I would
stay a million mile away to skip his relevance of existence to begin with.

There's a saying. The ones who are disgusting are disgusting at all. Beware and don't
even bother the elaboration on this. Watch out for the irrelevance of these people and 
try to avoid them to the bottom of your brains out and there's not such word as out. The 
dipshitness of your overall irrelevance is bothering other to be bottom of their 
irrelevance. The result? You don't exist. At all. 

If you can spit it try to vomit it but vomit the bottom of your brain's and idiocity's 
irrelevance to the bottom of your brain's out. We will find and beat the bottom of your 
irrelevance out to the bottom of your irrelevance out. You're a disgusting presentation of 
people who dipshit on each other and then skip the breakfast. And guess what? The 
dinner. 

Stay tuned. But you don't. 


Profiling Russia's Internet Research Agency Project Lakhta Artem 
Mikhaylovich Lifshits - 2024-01-12 22:07 
An image is worth a thousand words. Here's the link.


Personally identifiable information: 
Email: artemlv@hotmail.com 
mycryptodeals@yandex.ru 


Vkontakte accounts: 
hxxp://vk.com/id5856430 


hxxp://vk.com/shOrtnam3 
hxxp://vk.com/artemous 


Web site: hxxp://smart-shopping.club 
Profiling Internet Research Agency's Anna Vladislavovna Bogacheva - 2024-01-12 22:08


Who's Behind GoatRAT? - 2024-01-13 23:01 




In this brief analysis I'll take a look at who's behind GoatRAT in terms of social media 
activity C&C servers and actual personally identifiable information. 


Personally identifiable information: 
hxxp://bit[.]ly/nubankmodulo 
hxxp://goatrat[.]com/apks/apk20[.]Japk 

Sample MD5s: 
6583a9b6b83738e0bf2a261fc04483e18772da3241e467fdef37a8e27b1869a7 
9a8e85cflbbd32c71f0efa42ffedfla0 
hxxp://apil[.]goatrat[.]com:3008 

Social Media: 

hxxp://t[.]me/sickoDevz 

hxxp://t[.]me/goatmalware 

Web site: 

hxxp://criminalmwl[.]fun 

hxxp://clientes[.]criminalmwl[.]fun 

WhatsApp - +5511987457894 
ba5833b49e2c6501f5bbce90b7948a85 

Code Signing Certificate Signed By: Mr[.] Paxton Doyle PhD 


SSL: 94ba7810ecel1alb227e6a5b509c8bb228e7285ala5cee5f0ee26542783d4b09a 
Sample C&C servers: 


Sample C&C servers: 

Sample Photos: 


[Screenshots of the "Criminal" team's web site, translated from Portuguese. The team page ("Without them, none of this would be possible") lists sickoDevz (CEO & Developer), Pereira (Administrator) and Flyn (Administrator). The "Why choose Criminal?" page says the team works day and night to add new functions weekly and new banks/mechanisms, and advertises three mechanisms: "Tela Falsa" (the bot shows a fake screen of the victim's own bank so the victim does not see the bot operating and suspects nothing), "Device Logs" (view bank balances and the bot's whole process) and "ATS" (transfer the full balance of the person's account in seconds just by having them open their own bank). A "CriminalMw" banner advertises taking all the money from a bank account in seconds just by installing a virus on the person's device.]


Who Can Improve My Wikipedia Article? - 2024-01-15 20:12 


Who can assist and improve my Wikipedia article? 


Thank you. 


[Screenshot of the Wikipedia draft article "Draft:Dancho Danchev", with the sections Early Life, Education, Events, Work Career, Interviews, Disappearance, Major Achievements and Awards]
I'm retiring. Ebay memorabilia auction soon with some surprises. I'll post a link here. All
of my research 2005-2023 here - https://archive.org/details/@ddanchev Yours sincerely.
Dancho
Dancho Danchev


From Wikipedia, the free encyclopedia


Dancho Danchev is a Bulgarian Internet security analyst.

Citizenship: Bulgarian
Occupation: Security researcher
Website: Dancho Danchev's blog


Career


Danchev is known for discovering computer virus and spamming attacks as they surface on the Internet, and
providing details on the new threats. As a security researcher, he has been the first person to report major
malware campaigns as they begin to take form. Danchev has also discussed the use of new technology, like
USB keys, and their potential effects on the internal security of the computer systems of major corporations,
and reports on the use of new technology or methods of breaking through Internet security protocols as
well.


His blog posts and articles have included explanations of the overall landscape of the underground malware
industry in countries like Russia and China, in addition to the use of the Internet by terrorist networks.
The entities he has reported on include volunteer militias of hackers that independently attack the servers of
enemy nations while their countries are in the midst of military operations, such as Russia's involvement in
Georgia. In 2009 he discovered that the Indian embassy in Spain had been taken over to serve malware to
those who visited the site. He also reports on the hacking of major corporate websites.


Specific attacks that Danchev provided initial analysis for include a "Chinese hacktivist" attack on CNN.com in
2008; the Operation Ababil attack on Wells Fargo, U.S. Bank and PNC Bank; a 2009 malicious comment
attack on YouTube and Digg.com; a large 2010 blackhat SEO campaign affecting both Bing and Google
searches; a 2009 New York Times malvertisement attack; and a 2010 attack on Network Solutions.


Koobface investigations


In February 2010 Danchev posted an article called "10 things you didn't know about the Koobface gang",
discussing various interactions he has had with them (they once redirected the Facebook website to his blog) and
other pieces of information. In May the creators of the malware then forced its network to post a point by point
response to the article on the screens of all the computers they had infected. Danchev continued his
investigations into the gang, eventually posting the full biographical details of some of its members on his
blog.


2010 Disappearance


In late 2010 ZDNet, which Danchev co-wrote, reported that he had disappeared from home in Bulgaria and was
feared harmed. On September 11, 2010 he submitted what would be his final post of the year, writing about
a “cyber jihad” and during that month he also sent letters to friends stating that he was concerned that he was
under surveillance. After his disappearance ZDNet received a message stating that "Dancho's alive but he's


Dancho, HBGary is interested in talking w/ you about Threat 
Intelligence 


From: greg@hbgary.com
To: dancho.danchev@gmail.com
Date: 2009-04-15 13:02
Subject: Dancho, HBGary is interested in talking w/ you about Threat Intelligence


Dancho,


My company, HBGary, is developing a new business unit which we call "Global
Services". A keystone of the offering is tracking human and organizational
factors behind malware threats. Your work, and some of the work of your
peers, seems to be very good analysis in this area. Since the space is new
to us, I want to tap the best minds in the industry to help us develop an
offering. Would you be interesting in spending some time with our team to
discuss your work and methodology? On the market side I am also trying to
pin down what customers will actually pay for, and perhaps you have some
insight here as well. I am willing to hire you as a consultant, and/or pay
for your time and travel in any way that works for you. I will be at RSA
next week, and our company has an event for customers in San Jose in the
first or second week of May. I also travel to Washington DC quite alot.


Auction Onion - 2024-01-18 14:25 


Dancho Danchev's Dark Web Onion 1.5TB OSINT/Cybercrime Research and Threat 
Intelligence Gathering Personal Memorabilia Files 2010-2023 Private Torrent Dark Web 
Auction 


https://ddanchev.blogspot.com 
Email: dancho.danchev@hush.com 
Wire Bank Transfer Details for This Dark Web Auction Available On Request Using Email 


Auction Bids For My Private Personal Files 2010-2023 Memorabilia Torrent [1.5TB] 
[ZIP] Start At $85,000 


Full Directory Listing in HTML Available As A Teaser Using Email 


Dear Dark Web Onion visitor, 


This is Dancho Danchev (https://ddanchev.blogspot.com) and I’m proud to welcome you to my Dark Web Onion
Auction Web site.


Cybercrime_Forum_Data_Set_2021.rar 39.4 GB Seeding
Dancho_Danchev_Astalavista_Security_Newsle... 288 MB Seeding 
Dancho_Danchev_Blog_Archive JSON_2021.rar 4.15 MB Seeding 
Dancho_Danchev_Blog_E-Book_Archive_2021.... 6.06 GB Seeding 
Dancho_Danchev_Cyber_Threat_Actors_Analy... 9.24 MB Seeding 
Dancho_Danchev_Cybercrime_Research_2021_... 754 kB Seeding 
Dancho_Danchev_Cybercrime_Research_Prese... 10.9 MB Seeding 
Dancho_Danchev_Intelligence_Community_2.... 1008 MB Seeding 
Dancho_Danchev_Interview_DW_Koobface_Bo... 2.65 MB Seeding 
Dancho_Danchev_Iran_Hackers_Personally_Ide... 3.04 GB Seeding 
Dancho_Danchev_Iran_White_Paper_2021.rar 255 MB Seeding 
Dancho_Danchev_Iran_White_Paper_Part_Two... 9,99 MB Seeding 


Dancho_Danchev_Keynote_Koobface_Botnet_... 163 MB 
Dancho_Danchev_Malware_Trends_White_Pap... 2.41 MB Seeding 
Dancho_Danchev_Medium_Research_Compila... 60.7 MB Seeding 
Dancho_Danchev_Personal_Memoir_Compilat... 164 MB Seeding 
Dancho_Danchev_Private_Party_New_Year_Vid... 541 MB Seeding 
Dancho_Danchev_Security_Policy_White_Pape... 2.41 MB Seeding 
Dancho_Danchev_Twitter_Account_Archive_2... 864 kB Seeding 
Dancho_Danchev_Unit-123_Security_Research... 27.4 MB Seeding 
Dancho_Danchev_Webroot_Research_Compil... 602 MB Seeding 


Dancho_Danchev_ZDNet_Research_Compilati... 464 MB Seeding 
WhoisXML_API Research_Articles_2021.rar 48.6 MB Seeding 


UPDATE: 
New link. 


Cybercrime_Forum_Data_Set_2021
Dancho_Danchev_Blog_E-Book_Archive_2021
Dancho_Danchev_Iran_Hackers_Personally_Identifiable_Information_Compilation_2021
Dancho_Danchev_Cybercrime_Personal_Photos_Ecosystem_2021_Compilation
Dancho_Danchev_Intelligence_Community_2.0_Dark_Web_Onion_Backup_2021
Dancho_Danchev_ZDNet_Research_Compilation_2021
Dancho_Danchev_Webroot_Research_Compilation_2021
Dancho_Danchev_Private_Party_New_Year_Videos_Compilation
Dancho_Danchev_Iran_White_Paper_Part_Two_2021
Dancho_Danchev_Astalavista_Security_Newsletter_Compilation_2021
Dancho_Danchev_Iran_White_Paper_2021
Dancho_Danchev_Personal_Memoir_Compilation_Research_2021
Dancho_Danchev_Keynote_Koobface_Botnet_CyberCamp_2021
Dancho_Danchev_Medium_Research_Compilation_2021
WhoisXML_API_Research_Articles_2021
Dancho_Danchev_Unit-123_Security_Research_Compilation_2021
Dancho_Danchev_Cybercrime_Research_Presentations_2021
Dancho_Danchev_Cyber_Threat_Actors_Analysis_Research_Compilation_2021
Dancho_Danchev_Security_Policy_White_Paper_2021
Dancho_Danchev_Malware_Trends_White_Paper_2021
Dancho_Danchev_Interview_DW_Koobface_Botnet_MP3_2021
Dancho_Danchev_Cybercrime_Research_2021_Personally_Identifiable_Information_Compilation
Dancho_Danchev_Twitter_Account_Archive_2021
UPDATE:
New link.


[Screenshots: file listings of WinRAR and WinRAR ZIP archives with date, type and size
columns, including Cybercrime_Forum_Data_Set_2021, Cybercrime_Forum_Data_Set_Archive_2019,
Cybercrime_Forum_Data_Set_Archive_2021, Cybercrime_Forum_Data_Set_Archive_2022,
Dancho_Danchev_Cybercrime_Forum_Data_Set_2021 and evilhack.ru]


A Case Study on a Bulgarian Dipshit Local Drug Addict Gang Member and A 
Peasant From Troyan, Bulgaria Part of The Gang that Robbed and Kidnapped 
and Home Molested Me - 2024-02-11 10:48 


When you're so dumb that even the "drugs" can't "catch you". The next thing that
follows is the laughing.
Is it the "lack" of or the lack of? 


Can you suck my bottom? Do you have the permission of other people to do it before 
you suck mine? Do you know what this constitutes? Let's play a game. If my 
bottom is in the ugliest and most disgusting part of the universe and you want to suck it 
does this mean that you're there too? You don't exist. 


We in the face of your parents should rather pay you to beat yourself and stop existing 
and make a free low profile non-existent and cheap movie out of it which is something 
that you shouldn't forget doesn't constitute anything. It's the very art of having you beat 
yourself courtesy of your parent's money and having the very same non-existent 
Bulgarian dipshits pay you to beat yourself. While beating yourself you can easily forget 
about compilations and series of movies about your beating simply because your very 
ugliness and disgusting existence doesn't compare to that of a human being. 


